Why does the ip-user-mapping distinguish DP and MP?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Why does the ip-user-mapping distinguish DP and MP?

L2 Linker

Hello

 

suddenly, I am wondering that ip-user-mapping have two table[DP, MP]

After connecting to AD Server to get Security logs, Why PAFW get that table seperatly,?

 

I think there are reason, and I don't know well about relating to DP, MP

 

If DP was restart about someting problem, Would PA be able to get user information through MP?

Do I think of backup?

 

I have been waiting for answer cleary 😄

 

Thank you

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

Hi John_Lee

 

The management plane has a much larger chunk of memory reserved for user-IP mappings than the dataplane and will serve as a cache to the dataplane whenever it needs mapping information that is not loaded on the DP yet. If the dataplane were to be restarted the MP will still contain all the mappings.

 

 

regards

Tom

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

Hi John_Lee

 

The management plane has a much larger chunk of memory reserved for user-IP mappings than the dataplane and will serve as a cache to the dataplane whenever it needs mapping information that is not loaded on the DP yet. If the dataplane were to be restarted the MP will still contain all the mappings.

 

 

regards

Tom

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper

When you mean MP has a huge chunk of memory for user-ip-mappings, I understand that DP has a limit.

And I would assume that DP cannot write more than what it can hold, how is the scenario where DP cache is already full handled?

Does it overwrite one of the mappings? Which is chosen to be swapped out?

(Might be it maintains a table which has number of hits, or the oldest one that was written in DP, etc?)

the mappings with the lowest time left on the idle timer (so have been idle longest) will be swapped out first

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Thank you @reaper

  • 1 accepted solution
  • 3760 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!